Skip to content
Data breachOngoing

90,726 people affected by the TooEasy Agence Web data leak

A data set tied to TooEasy Agence Web, a French web and digital agency based in Valence, was put up for sale on a dark web forum, exposing roughly 90,726 unique email addresses along with client names, phone numbers and recruitment records.

Victim
TooEasy Agence Web
records
90.7K

On 18 January 2026, TooEasy Agence Web — a French web and digital agency based in Valence (Drôme) and Avignon (Vaucluse) that builds websites and web/mobile applications — was named in a confirmed data leak after a database tied to the agency surfaced for sale on a dark web forum. About 90,726 unique email addresses appear among the exposed records.

The data set appears to be a broad snapshot of the agency's client and recruitment records rather than a single contact list. Because web agencies typically hold administrative access to their clients' sites and SEO portals, the exposure also raises a downstream supply-chain risk for TooEasy's customers. The precise intrusion path was not disclosed; reporting points to a likely unpatched web vulnerability or a compromised employee credential.

Exposed data categories included:

  • Full names
  • Email addresses (about 90,726 unique)
  • Phone numbers
  • Job applications and CVs (which may contain home addresses, employment and education history)
  • Project metadata for web development and digital marketing engagements

At the time of reporting the data was being actively marketed for sale, so the incident is considered ongoing. The volume and nature of the records make affected individuals a plausible target for phishing and identity-theft attempts.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-18-tooeasy-agence-web
  2. brinztech.comhttps://www.brinztech.com/breach-alerts/brinztech-alert-2026-database-of-tooeasy-web-agency-on-sale
  3. tooeasy.frhttps://www.tooeasy.fr/

Related incidents